Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Control physical access to rack level

August 2018 Editor's Choice, Access Control & Identity Management, Asset Management, Infrastructure

By Andrew Williams, Astra Fasteners.

With reports of widespread data breaches in the global spotlight, data centre managers are under increasing pressure to ensure that access to restricted information is protected.

Cybersecurity remains a number one priority, but in many cases, data breaches occur as a result of physical access to that data in some way. Within the data centre environment, preventing unauthorised physical access to sensitive data is crucial.

Electronic locks offer audit trail reporting capabilities and can also be set up to provide local alerts, including indicator lights, beacons or alarms.

Securing information within the data centre presents heightened physical security and access control challenges. Heavy-duty perimeter security and room level access control prevents access to the building and server rooms, but once inside, data storage equipment may not include that same level of security. In some co-location centres for instance, cabinets containing particularly sensitive data are protected by a chain link fence enclosure; however, these cabinets are still at risk should an unauthorised individual gain access to that enclosure.

Given that a large percentage of security breaches are perpetrated by insiders, this level of security is insufficient. Strictly enforced regulations, such as the USA’s HIPAA (the Health Insurance Portability & Accountability Act), SOX (Sarbanes Oxley), FISMA (the Federal Information Security Management Act) and CIP (the Critical Infrastructure Protection Act), require sufficient physical security measures to prevent unauthorised access to sensitive data.

For complete physical security, the actual server cabinets should be secured to the same degree as the data centre itself. Verification of credentials for access control and, where required, auditing rack-level access can prevent costly data breaches and stiff penalties for non-compliance. Data centre managers can avoid these risks by incorporating intelligent, reliable electronic locking systems at the rack-level to protect access to sensitive information.

Intelligent locking systems

Effective rack-level access control systems are specifically designed for server cabinets with a flexible, open architecture that allows them to be easily integrated with any existing security system. An effective physical security system is typically comprised of three key elements: user interface, intelligent lock, and remote control and monitoring.

High-quality, reliable electronic locks are critical to the successful operation of a complete solution. Intelligent locks grant access only to validated users and can also provide electronic outputs for external security monitoring and auditing. The user interface validates the user credential, which is authenticated by an access controller and signals the electronic lock to open. Electronic locks can be operated through a variety of access control devices, such as digital keypads, biometric readers and wireless based solutions such as RFID and Bluetooth.

Electronic access provides a method to identify which racks have actually been accessed – by whom, when and for how long. Once access is triggered by an electronic signal, a digital signature is created and archived for future audit trail reporting, either on site or remotely. Indicator lights, beacons or alarms can also be set for local alerts. Electronic access records are particularly useful when security compliance requirements call for the submission of an audit trail report. This data can also facilitate investigation should a data breach occur.

Additionally, maintaining automatic digital documentation is more convenient than manually tracking and recording access. Rather than keeping track of mechanical keys – particularly in a co-location setting – electronic access allows administrators to upload (or delete) electronic credentials from their user database. With networked systems, these updates to the approved list can be made remotely, from anywhere in the world. With cloud-based solutions, this can be accomplished wirelessly, using Bluetooth-enabled mobile devices.

Rack-level electronic access solutions

Since different data storage environments have their own unique security requirements, tailoring electronic access solutions to the needs of a data centre’s existing infrastructure is essential. An experienced electronic access solutions provider will recommend only the level of complexity that makes sense for the application, and should be able to retrofit the new devices to existing cabinets and security systems. There are numerous solutions for upgrading existing security systems to incorporate rack-level security.

Self-contained solutions for instance, are the simplest form of electronic access. These solutions provide simplified key management in a battery-powered device that is easy to install, and provides electromechanical locking and access control in one package, with no wiring involved. Standalone solutions are another option that provides local plug-and-play access control, independent of any network. Standalone solutions do not typically require any software for operation but cannot be accessed remotely.

Integrated solutions on the other hand, offer cabinet level access control that can be integrated with building access control and monitoring systems, extending an existing networked access control system down to the rack level. Networked solutions can also be used to monitor and manage multiple rack access points from a host computer for remote system configuration, access control and monitoring, independent of external security systems.

Streamlining migration between platforms

Rack-level electronic locks may incorporate an RFID reader with industry standard Wiegand outputs that can tie into any traditional building system. When integrating rack-level access control solutions, there may be a need to support both proximity and smart card RFID protocols. By integrating an industry standardised electronic locking and access control solution that reads multiple RFID formats, data centre managers can leverage their existing building security system for rack-level access control regardless of card technology used. This type of solution offers simplified installation, allowing personnel to use their existing credentials to access multiple areas within the data centre – from the server room to the rack level.

Electronic locks like Southco’s H3-EM Swinghandle series is available with a card reader that reads multiple card formats, providing a higher level of security and facilitating the transition to new security technologies used to manage access to keyless entry points at the rack level.

Electronic access solutions with the ability to read multiple formats allow the cabinet to be opened with any type of card, from RFID to iCLASS, simplifying access control and providing the data centre manager with greater flexibility and the ability to easily migrate from Prox to smart-card based systems. By using an intelligent lock that supports multiple RFID readers, data centres can maintain a higher level of security and facilitate the transition to new security technologies used to manage access throughout the data centre.

Physical access control across the facility

In today’s highly regulated data centre environment, access control and monitoring at the rack level are a must. While significant resources are dedicated to fighting online cyberattacks, physical protection of stored data is equally as important. The need for increased security and compliance with a myriad of regulations necessitate access control and monitoring capabilities for the actual cabinets where data is stored.

Data centre managers can achieve physical access control by implementing electronic access solutions, which offer solutions for audit trail maintenance and compatibility with existing facility-wide security systems. Protecting data within facilities requires the same level of access control for racks as the buildings that house them.

For more information, contact Andrew Williams, Astra Fasteners, +27 11 918 6696, andrew.williams@astrafasteners.co.za, www.astrafasteners.co.za.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

IQ and AI
Leaderware Editor's Choice Surveillance AI & Data Analytics
Following his presentation at the Estate Security Conference in October, Craig Donald delves into the challenge of balancing human operator ‘IQ’ and AI system detection within CCTV control rooms.

Read more...
Onsite AI avoids cloud challenges
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure AI & Data Analytics
Most AI programs today depend on constant cloud connections, which can be a liability for companies operating in secure or high-risk environments. That reliance exposes sensitive data to external networks, but also creates a single point of failure if connectivity drops.

Read more...
Toxic combinations
Editor's Choice
According to Panaseer’s latest research, 70% of major breaches are caused by toxic combinations: overlapping risks that compound and amplify each other, forming a critical vulnerability to be exploited.

Read more...
Global hub for predictive road safety intelligence
News & Events Asset Management Transport (Industry)
One year since its formation, Netstar’s advanced Global Fleet Bureau is more than an operational facility for international fleet management, it has become a big-data nerve centre delivering unprecedented value to clients.

Read more...
Short-range indoor LiDAR sensor
OPTEX Perimeter Security, Alarms & Intruder Detection Infrastructure Products & Solutions
The REDSCAN Lite RLS-1010L has been developed to provide comprehensive coverage and protect high-risk security zones and vulnerable, narrow indoor spaces that are difficult to protect with traditional sensors.

Read more...
Webfleet and Peregrine.ai collaborate on visual intelligence solution to enhance driver and vehicle safety.
News & Events Asset Management Transport (Industry)
Webfleet, Bridgestone’s fleet management solution, and Peregrine.ai, a Berlin-based startup transforming mobility through AI-powered vision systems, announced the launch of a next-generation driver assistance solution.

Read more...
Direct-to-cloud surveillance platform
Surveillance Infrastructure
Oncam has announced a forthcoming end-to-end, direct-to-cloud video platform that combines AI-enabled cameras, intelligent IoT devices, and cloud-integrated video management software to deliver smarter performance with reduced complexity.

Read more...
Is your entrance security secure?
SMART Security Solutions Centurion Systems Technews Publishing News & Events Access Control & Identity Management Smart Home Automation
While Centurion Systems may be known as a leader in gate and door motors in 72 countries, the company has developed more than hardware and now offers an automation ecosystem for access control security.

Read more...
Continuum launches centralised access and identity management
Editor's Choice Access Control & Identity Management Integrated Solutions Facilities & Building Management
Continuum Identity is a newly launched company in the identity management and access control sector, targeting the complexity of managing various Access and Identity Management (AIM) systems.

Read more...
Software security is a team sport
Information Security Infrastructure
Building and maintaining secure software is not a one-team effort; it requires the collective strength and collaboration of security, engineering, and operations teams.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.